Information Sheet 3.

1-3
Active Directory Objects (OU, Users and Groups)

LEARNING OBJECTIVES:
After reading this INFORMATION SHEET, STUDENT(S) MUST be able to:

• Understand what are differences between OU, Users and Groups.

• Create organizational unit and groups in active directory users and computers
• Create users accounts
a) In active directory users and groups
b) Using dsadd command line option
c) Using batch script
• Create a bulk of user’s accounts using a batch script.

Introduction

Active directory (AD) is not going to work solely without its objects, Objects are
everything live under AD. As stated in (Information sheet: Active Directory) objects are
the following, Users and groups, services (i.e. Emails), resources such printers, shared
folders.

What is an OU?
An organization Unit is a container that holds AD Object like User Accounts,
Computer Accounts, and Groups.

OUs help to keep your objects organized, but also are used to control what your Users
can and can’t do (among the other things)
We’ll start off building a few OUs so our Users and Computer Accounts will have a
place to live.
You can organize OUs:
• Geographically
• By function (Departments. etc.)
• But remember to KISS as much as you’re able to! Keep it Simple, Sysadmin.
Creating an Organizational Unit (OU)
Creating an Organizational Unit
1. Start by opening up your Server Manager, then expand the Roles section.

Computer accounts
 • Allow AD to keep track and control the computers in your network. A computer
without an Account in AD can’t access the network –it’s security measure.
• It resides in OU’s which allow you to install software to all machines in OU at
once.
• When you are going to join a computer in your domain (you’ll need Admin level
credentials)
• A computer account is automatically created in AD.
OU vs Groups
OU’s keep your object organized and are used to control what users and computers
can and can’t do.
Groups are active directory objects that allow you to provide and deny access to
resources like printer folder en masse. Groups are residing in organizational unit.

CREATING ORGANIZATIONAL UNIT

1. Open server manager
2. Expand the Active Directory Domain Services (click the + sign ) section >
click on Active Directory Users and Computers.

3. At this point you should be able to see your domain. In our example we are
using the itsmeismael domain. Go ahead and expand your domain (click the
+ sign).
4. Now we need to create an Organizational Unit for a group to live in. In this
example we are going to create an OU for our CSS Students. To create a new
Organization Unit, right-click on your domain name, point to the New option
and then select Organizational Unit.
5. Type the name of your OU and make sure that the box is checked next to
Protect container from accidental deletion. When done, click OK.

6. We now have a new Organizational Unit in our Active Directory called CSS
Students.
CREATING A NEW GROUP

1. After creating an Organizational Unit in your Active Directory, you are ready
to create your first group. Go ahead and select your OU and then right-click in
the blank area. Next, point to New and then select Group.
3. The next step is to name your Group, select the group scope and then select
the group type.

In this example we are going to name our group CSS User. We are also going to
leave the default selections for group scope is Global, and group type is
Security > click OK.

4. Our new group has been created!

USER ACCOUNTS

• it allow users to access network resources.

Creating account using server manager

1. Open Server Manager open Roles click Open Active Directory Users and
expand the domain name (itsmeismael.com). Select the Organization Unit
(CS Students) where you want to create the new user account.

2. In the empty area, right-click select New and click User. You can also rightclick
the OU and click New and select User to create new user account.
3. New Object dialog box will open as shown below. You can fill in the user
information like first name, lastname etc. As you can see below, there are two
user logon names. The first User logon name also called User Principal Name
(UPN) [email protected] which is email like name that can be used
to login to domain joined computers. Second user logon name (pre-Windows
2000) also called SamAccountName can also be used by user to login to
domain-joined computers in the form itsmeismael\superUser. After entering
the user details, click Next.
4. Enter password for the user. You can choose various options as shown below.
Once you are done, click Next.
5. View the summary then click Finish.
CREATE ACCOUNTS USING COMMAND LINE
You can also add users by using DSADD command line option. IT allows you create
users using command prompt.

DSADD is a command-line option that will allow you to create users with commands.
Syntax: dsadd user ”cn=Username,ou=OUName, dc=YOurndomain,

dc=yoursuffix” Example dsadd user “itsmeuser, ou=CSSStudents,

dc=css, dc=com”

If you are going to add users’ complete name use the following syntax.
dsadd user “itsmeuser, ou=CSSStudents, dc=css, dc=com “ –fn Ismael –ln
Balana –pwd css_2016 –mustpwd no

If you want fast and easy creation of users just use the following codes, but this time
you need type the codes using Notepad or any equivalent text editor.
1. Open notepad or notepad++ > then type an example shown below
Syntax:
dsadd user “cn=%1, ou=OUName, dc=YourDomain, dc=YourSuffix” –fn%2 –
ln%3 –pwd Password –mustchpwd yes Example:
dsadd user “cn=%1, ou=CSSUsers, dc=itsmeismael, dc=com” –fn%2 –ln%3 –
pwd css_2016 –mustchpwd yes

2. Save it as “addUsername.bat” in accessible directory.

3. Open command line, navigate to the directory where the script resides and type:
Syntax addOUName username firstname lastname

Example:
addCSSUsers itsmeismael Ismael Balana

4. Open server manager OU and check the result

Moving users into a Group
1. In order to move existing accounts into a group, you need to hold down the Control
key and click the user or computer accounts that you want to move into that
group.
2. Then you need to right-click on any one of those accounts and select Add to a
group.
3. Next, Type the group name and let the machine find it.
In our example, I will type CSS Users and then click on the Check names button.
Once the name is verified and group name is found, the text will be underlined and
you can click the OK button to continue.

4. Now all of these accounts are part of our CSS Users group.
 TASK SHEET 3.1-3

Title: Install active directory

Performance Objective: Given are the following materials, you should be able to
install active directory. Allotted time 30 minutes.

Supplies/Materials :

Equipment : Computer with Windows Server 2008 R2

Prerequisites: Installed and configured active directory Steps/Procedure:

1. Read information sheet 3.1-3 Installing active directory
2. Create an Organizational Unit
Where:
Name of Organizational Unit(s) = CSS Students
3. Create two domain users
Where:
Name of first user =Your full name, Logon username = WirelessClient
Name of second user = Your full name, Logon username = Wired Client
Set the password as _admin@123 for both users

4. Create a group
Where:
Group name = CSS Group
Add your newly created domain users inside the group

Assessment Method:
Demonstration, Observation

Performance Criteria Checklist 3.1-3

Trainee’s Name: ___________________________________ Date: _________________________ During
the performance of the task, did you consider the following criteria?
Grade Point
Equivalent NO
Highest Possible
CRITERIA YES Score = 5
Lowest Possible
score = 0

Did the trainee…

1. Created an organizational unit

according to the specific given
task?
2. Created two domain users
according to job requirements?
3. Set up the group for domain
users according to specific
instruction?
4. Performed and followed
completely the given tasks?
5. Observed and performed 5S and
occupational health and safety?

Feedback

Total Points

Total Items

Signature of the Trainee/Learner

Signature of the Trainer Ismael Manic Balana

Grade Point Equivalent
The table shows the equivalent points that are used and show how they are calculated to determine
the grade point average (GPA), or index.

The highest equivalent points that trainer can give is 5 points per criterion and the lowest is 0. If the
trainee/learner accumulate scores with below two (2) grade point equivalent, she/he needs to retake
the whole given task.

Grade Point Explanation

Equivalent

5 Excellent

4 Very Good

3 Good

2 Average

1 Poor

0 Failure

TERMS AND DEFINITIONS

OU or organization unit is a container that holds AD object like user accounts,

computer accounts, and groups.
Groups are active directory objects that allow you to provide and deny access to
resources like printer folder en masse. groups are residing in organizational
unit.
DSADD is a command-line option that will allow you to create users with
commands.

REFERENCES
https://www.howtogeek.com/99323/installing-active-directory-on-server-2008-r2/

https://blogs.technet.microsoft.com/activedirectoryua/2011/07/07/a-delegation-forthis-

dns-server-cannot-be-created-because-the-authoritative-parent-zone-cannot-befound-or-it-

does-not-run-windows-dns-server/

cssnctwo.weebly.com

www.petri.com/creating-active-directory-quizlet.com/21167195/active-

directoryflporeshmcse.blogspot.com/2009/11

www.pluralsight.com/blog/tutorials/windo

www.reddit.com/r/sysadmin/comments/3k8mm www.mustbegeek.com/create-user-

account-i www.suse.com/.../book_security/book_secu

www.sciencedirect.com/topics/computer-scdocs.microsoft.com/en-us/office365/enter

www.grouppolicy.biz/.../best-practices-gsupport.office.com/en-us/article/

VideoOforums.spacebattles.com ccsethiopia.com/product_training.html

www.termpaperwarehouse.com/essay-on/1-Re www.slideshare.net/banzonburner1/for-

pri www.baruch.cuny.edu/confluence/display/. blog.netwrix.com/2018/06/19/how-to-

add-adocs.microsoft.com/en-us/ -versions